[Samba] Samba 4 to replicate my samba3.6 config
Justin Cooper-Marsh
JCooper-Marsh at cbnl.com
Fri Oct 17 06:34:25 MDT 2014
Still the same issue.
A slight development: when I use force group development and chown the group, all works.
If I leave the group as is, it should authenticate as a unix user, in my instance "jcm".
It does not. Perhaps the Windows/Unix user mapping is not in place.
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: 17 October 2014 13:18
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
On 17/10/14 12:18, Justin Cooper-Marsh wrote:
> The security server for the samba 3 config is a Windows 2008 Active
> Directory server
>
> I have run net ads join on the samba 4 server to allow the winbindd to authenticate. Until I did this I was unable to authenticate from a windows PC.
>
>
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: 17 October 2014 11:51
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>
> On 17/10/14 11:36, Justin Cooper-Marsh wrote:
>> [global]
>>
>> workgroup = CBL
>> netbios name = NEWVSBUILD
>> null passwords = yes
>> fake oplocks = yes
>> log level = 1
>>
>> server string = Engsvr
>> log file = /var/log/samba-engsvr/log.%m
>> lock directory = /var/run/samba-engsvr
>> state directory = /var/lib/samba-engsvr
>> cache directory = /var/cache/samba-engsvr
>> pid directory = /var/run/samba-engsvr
>> private dir = /var/lib/samba-engsvr
>> max log size = 512
>> security = server
>> password server = dc1, dc2, dc3
>>
>> password level = 8
>> username level = 8
>> #vfs objects = extd_audit
>>
>>
>> # socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=16384
>> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
>>
>> # Configure Samba to use multiple interfaces
>> # If you have multiple network interfaces then you must list them
>> # here. See the man page for details.
>> ; interfaces = 192.168.12.2/24 192.168.13.2/24
>> interfaces = eth0
>> bind interfaces only = Yes
>>
>> # Configure remote browse list synchronisation here
>> # request announcement to, or browse list sync from:
>> # a specific host or from / to a whole subnet (see below)
>> ; remote browse sync = 192.168.3.25 192.168.5.255
>> # Cause this host to announce itself to local subnets here
>> ; remote announce = 192.168.1.255 192.168.2.44
>> remote announce = 172.24.0.255 172.16.8.255 172.16.4.255
>>
>> # Browser Control Options:
>> # set local master to no if you don't want Samba to become a master
>> # browser on your network. Otherwise the normal election rules apply
>> local master = no
>>
>> name resolve order = host wins lmhosts bcast
>>
>> wins server = 10.0.0.184
>>
>> #============================ Share Definitions ==============================
>>
>> # This one is useful for people to share files
>>
>> [scratch]
>> comment = Scratch folders
>> path = /scratch
>> valid users = @development @test-ver @cvs
>> browseable = yes
>> writable = yes
>> locking = yes
>>
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>> Sent: 17 October 2014 11:31
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 4 to replicate my samba3.6 config
>>
>> On 17/10/14 11:26, Justin Cooper-Marsh wrote:
>>> We are running Arch Linux as a new server, and it only has samba4
>>> available officially. I am trying to migrate my samba 3 config to
>>> work with samba 4.
>>>
>>>
>>> I currently use samba to authenticate windows users to use our Linux shares. Then using the Unix groups setup in NIS to validate the users access to a particular share.
>>>
>>> Here is the problem.
>>>
>>> I can see the shares using samba 4 but it uses the "Domain users" group to read and write to the shares and not any of the Unix groups.
>>>
>>> Any Suggestions?
>>>
>>>
>>> My samba 4 config
>>>
>>>
>>>
>>> [Global]
>>> netbios name = newvsbuild
>>> workgroup = mydomain
>>> realm = mydomain.local
>>> server string = %h ArchLinux Host
>>> security = ads
>>> encrypt passwords = yes
>>> #password server = dc1.cambridgebroadband.com
>>>
>>> idmap config * : backend = rid
>>> idmap config * : range = 10000-20000
>>>
>>> winbind use default domain = Yes
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>> winbind nested groups = Yes
>>> winbind separator = @
>>> winbind refresh tickets = yes
>>>
>>> template shell = /bin/bash
>>> template homedir = /home/%D/%U
>>>
>>> preferred master = no
>>> dns proxy = no
>>> wins server = cb-dc1.cambridgebroadband.com
>>> wins proxy = no
>>>
>>> inherit acls = Yes
>>> map acl inherit = Yes
>>> acl group control = yes
>>>
>>> # load printers = no
>>> debug level = 3
>>> use sendfile = no
>>>
>>>
>>> [share]
>>> comment = Scratch folders
>>> path = /scratch
>>> valid users = @development @cvs
>>> browseable = yes
>>> writable = yes
>>> locking = yes
>>> create mode = 0770
>>> directory mode = 0770
>>>
>>>
>>> Cambridge Broadband Networks Limited (CBNL) is registered in England and Wales at Byron House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ under company registration number 3879840. CBNL is the market leader in carrier-class multipoint microwave backhaul and access solutions, serving customers in over 40 countries across the globe.
>>>
>>> This e-mail and any attachments to it are confidential. If you are not the intended recipient, please send an e-mail to the sender stating that it has been received in error and then delete all copies of it immediately. Any views expressed may not be the views of CBNL. Please only print this email if necessary.
>> Hi, any chance that you can post your samba3 smb.conf ?
>>
>> Rowland
>>
> OK, trying to understand this, it looks as if your original S3 machine
> uses another machine for authentication (security = server), just what
> is this machine ? another samba machine or a windows server ?
>
> Your samba4 machine appears to be a domain member, is it joined to a
> domain ?
>
> Rowland
>
OK, try changing smb.conf to this:
[Global]
workgroup = MYDOMAIN
realm = MYDOMAIN.LOCAL
server string = %h ArchLinux Host
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-20000
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
winbind separator = @
winbind refresh tickets = yes
template shell = /bin/bash
template homedir = /home/%D/%U
preferred master = no
dns proxy = no
wins server = cb-dc1.cambridgebroadband.com
wins proxy = no
inherit acls = Yes
map acl inherit = Yes
acl group control = yes
# load printers = no
debug level = 3
use sendfile = no
Rowland